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March 24, 2014

MEMORANDUM FOR:               Eric L. Hirschhorn
                              Under Secretary for Industry and Security



FROM:                        Allen Crawley    ~~
                             Assistant Inspector General for Systems Acqu(S.iti
                              and IT Security

SUBJECT:                      Audit of Bureau of Industry and Security's Continuous Monitoring
                               Strategy and Practices

As part of our fiscal year (FY) 2014 Federal Information Security Management Act of 2002
(FISMA) review, OIG is initiating an audit of the Bureau of Industry and Security's continuous
monitoring strategy and practices. The audit objective is to determine whether BIS' continuous
monitoring strategy and practices, including ongoing security control assessments of its critical
information systems, provide adequate information for authorizing officials to make proper risk-
based decisions.

We plan to begin this work immediately. We will contact your audit liaison to establish an
entrance conference to discuss this audit. We will conduct our fieldwork at selected BIS and
contractor sites. If you have any questions, please call me at (202) 482-1855 or Dr. Ping Sun at
(202) 482-6121.

cc:    Simon Szykman, Chief Information Officer
       Rod Turk, Director, Office of Cyber Security, and Chief Information Security Officer
       Eddie Donnell, Acting Chief Information Officer, BIS
       Ida Mix, Acting Director of Budget, Planning, Assurance and Security, BIS
       Susan Schultz Searcy, Audit Liaison, Office of the Chief Information Officer
       Mark Crace, Audit Liaison, BIS
